What the vulnerability does
01Description
Incorrect Privilege Assignment vulnerability in Unity Business Technology Pty Ltd The E-Commerce ERP profitori allows Privilege Escalation.This issue affects The E-Commerce ERP: from n/a through <= 2.1.1.3.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
What the vulnerability does
Incorrect Privilege Assignment vulnerability in Unity Business Technology Pty Ltd The E-Commerce ERP profitori allows Privilege Escalation.This issue affects The E-Commerce ERP: from n/a through <= 2.1.1.3.
Explanation of Vulnerability in Simple Terms
The E-Commerce ERP versions 2.1.1.3 and earlier contain an improper access control vulnerability that allows unauthenticated attackers to read, modify, or delete data on affected systems. No user interaction is required; the vulnerability is exploitable over the network. Organizations running affected versions should update immediately.
What an attacker can do
Read, modify, or delete data without authentication.
Potential impact on your site
Attackers can access, alter, or destroy business data without logging in.
Conditions required to exploit
Network access to the affected system; no authentication or user interaction required.
Key dates
External resources
Related vulnerabilities